
Special characters (tab, newline) in license URL #3122

Closed
scom-technology-operations opened this issue Aug 14, 2024 · 2 comments · Fixed by #3449
Labels: bug (Something isn't working), license (relating to software licensing)

Comments


scom-technology-operations commented Aug 14, 2024

What happened:

  • We have created a CycloneDX-JSON of our Nexus installation with the last Syft version.
  • The UserAgentUtils library version 1.21 is found there as a dependency.
  • We have imported this CycloneDX-JSON into the latest version of Dependency-Track.
  • There we get the error message:
'$.components[9].licenses[0].license.url: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference'

What you expected to happen:

The license URL should be without special characters like newlines and tabs in the JSON field url.

Steps to reproduce the issue:

  1. Download .jar file
    https://repo1.maven.org/maven2/eu/bitwalker/UserAgentUtils/1.21/UserAgentUtils-1.21.jar
  2. syft --output cyclonedx-json=file.json --verbose

Anything else we need to know?:

  • In the file /META-INF/maven/eu.bitwalker/UserAgentUtils/pom.xml the license field is defined as follows.

```xml
	<licenses>
		<license>
			<name>New BSD License</name>
			<url>
				http://user-agent-utils.googlecode.com/svn/trunk/UserAgentUtils/LICENSE.txt
			</url>
			<distribution>repo</distribution>
		</license>
	</licenses>
```
  • In the CycloneDX-JSON from Syft the license entry is displayed as follows.

```json
      "licenses": [
        {
          "license": {
            "name": "New BSD License",
            "url": "\n\t\t\t\thttp://user-agent-utils.googlecode.com/svn/trunk/UserAgentUtils/LICENSE.txt\n\t\t\t"
          }
        }
      ],
```

Environment:

  • Output of syft version:

Application: syft
Version: 1.11.0
BuildDate: 2024-08-09T17:52:25Z
GitCommit: 19cc664
GitDescription: v1.11.0
Platform: linux/amd64
GoVersion: go1.22.5
Compiler: gc

  • OS (cat /etc/os-release):

NAME="AlmaLinux"
VERSION="9.4 (Seafoam Ocelot)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="AlmaLinux 9.4 (Seafoam Ocelot)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
ALMALINUX_MANTISBT_PROJECT_VERSION="9.4"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
SUPPORT_END=2032-06-01

  • Dependency-Track

Version: 4.11.6
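The report above shows the mechanism: Go's encoding/xml hands back the `<url>` character data with its surrounding newline and tabs intact, and if that value is copied straight into the CycloneDX `url` field, a consumer that validates against the schema's `iri-reference` pattern (Dependency-Track here) rejects the whole document. The following Go program is an added example, not Syft's code and not the fix that landed in #3449; it parses a constructed pom.xml excerpt modelled on the one quoted in the issue, and a hypothetical `cleanLicenseURL` helper trims the whitespace and drops any value that still contains control characters or is not an absolute URL, so the SBOM producer never emits a field the schema will reject.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/url"
	"strings"
	"unicode"
)

// pomLicense mirrors a single <license> element in a Maven pom.xml.
type pomLicense struct {
	Name         string `xml:"name"`
	URL          string `xml:"url"`
	Distribution string `xml:"distribution"`
}

// pomProject is the subset of a POM needed to read license metadata.
type pomProject struct {
	XMLName  xml.Name     `xml:"project"`
	Licenses []pomLicense `xml:"licenses>license"`
}

// samplePom is a constructed excerpt modelled on the UserAgentUtils 1.21
// pom.xml quoted in the issue: the URL is padded with a newline and tabs.
const samplePom = `<project>
	<licenses>
		<license>
			<name>New BSD License</name>
			<url>
				http://user-agent-utils.googlecode.com/svn/trunk/UserAgentUtils/LICENSE.txt
			</url>
			<distribution>repo</distribution>
		</license>
	</licenses>
</project>`

// cleanLicenseURL (hypothetical helper) trims surrounding whitespace and
// rejects any value that still contains control or whitespace characters or
// does not parse as an absolute URL with a scheme and host. It returns ""
// when the value should be omitted from the SBOM rather than emitted as-is.
func cleanLicenseURL(raw string) string {
	u := strings.TrimSpace(raw)
	if u == "" {
		return ""
	}
	for _, r := range u {
		// An embedded tab, newline or space can never be a valid IRI-reference.
		if unicode.IsControl(r) || unicode.IsSpace(r) {
			return ""
		}
	}
	parsed, err := url.Parse(u)
	if err != nil || parsed.Scheme == "" || parsed.Host == "" {
		return ""
	}
	return u
}

// parseLicenseURLs unmarshals a pom.xml document and returns the cleaned
// license URLs in declaration order, plus the raw values so a caller can
// log exactly what was trimmed or rejected.
func parseLicenseURLs(pomXML string) (cleaned []string, raw []string, err error) {
	var p pomProject
	if err := xml.Unmarshal([]byte(pomXML), &p); err != nil {
		return nil, nil, err
	}
	for _, l := range p.Licenses {
		raw = append(raw, l.URL) // whitespace preserved by encoding/xml
		if u := cleanLicenseURL(l.URL); u != "" {
			cleaned = append(cleaned, u)
		}
	}
	return cleaned, raw, nil
}

func main() {
	cleaned, raw, err := parseLicenseURLs(samplePom)
	if err != nil {
		panic(err)
	}
	fmt.Printf("raw:     %q\n", raw)
	fmt.Printf("cleaned: %q\n", cleaned)
}
```

Printing the raw value with `%q` makes the `\n` and `\t` padding visible, which is the quickest way to confirm whether a given POM is the source of the schema error. Dropping an unparseable URL rather than emitting it is a deliberate choice: a missing optional `url` keeps the SBOM valid, whereas an invalid one blocks ingestion of every component in the file.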

@scom-technology-operations scom-technology-operations added the bug Something isn't working label Aug 14, 2024
@spiffcs spiffcs moved this to Ready in OSS Aug 14, 2024
@spiffcs spiffcs self-assigned this Aug 14, 2024

spiffcs commented Aug 14, 2024

Thanks for the easy reproduce and bug report @scom-technology-operations! I've picked this up and will get a fix added for our next release.

escalate commented

Hey everybody,
is there any news about the release?
Best regards
Felix

@wagoodman wagoodman added the license relating to software licensing label Sep 20, 2024
@willmurphyscode willmurphyscode moved this from Ready to In Review in OSS Oct 8, 2024
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Nov 19, 2024